>>>>> "Russ" == Russ Allbery <r...@debian.org> writes:
Russ> Jochen <jradmac...@gmx.de> writes: >> After upgrading the krb5 libraries to 1.8 I could not mount my >> Kerberized NFS4 shares. The following error Message is in the >> syslog for every mount attempt: >> rpc.gssd[1298]: rpcsec_gss: gss_init_sec_context: (major) >> Unspecified GSS failure. Minor code may provide more information >> - (minor) Program lacks support for encryption type >> Switching back to 1.7 fixes this Problem. Russ> Sounds like NFS v4 doesn't support stronger encryption types Russ> than DES. You'll need to add: Russ> allow_weak_crypto = true Russ> to the [libdefaults] section of your krb5.conf file. Right. I really think this is a gssd bug: the NFS folks have have multiple years to implement something stronger than DES. Unlike with OpenAFS, the protocol has been quite clear; it's purely a matter of writing code. The work around Russ suggests is the right user-level fix. My comments are more intended to address what the focus should be for the distributions in terms of fixing this. We're adding an API to krb5 to fix this for OpenAFS. Because of the way the API is constructed, it's very difficult for GSSD to actually call it. -- gssd regression, "Program lacks support for encryption type" https://bugs.launchpad.net/bugs/512110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs